percona · hors · Jan 3, 2025 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
@@ -11,7 +11,7 @@ ARG GO_LDFLAGS
 ARG GOOS=linux
 ARG TARGETARCH
 ARG OPERATOR_CGO_ENABLED=1
-ARG EXTENSION_INSTALLER_CGO_ENABLED=0
+ARG EXTENSION_INSTALLER_CGO_ENABLED=1
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 

@@ -0,0 +1,12 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestAssert
+timeout: 30
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: 10-check-extensions
+data:
+  data: |2-
+     pg_stat_monitor
+     pgaudit
@@ -0,0 +1,13 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+timeout: 30
+commands:
+  - script: |-
+      set -o errexit
+      set -o xtrace
+
+      source ../../functions
+
+      data=$(kubectl -n ${NAMESPACE} exec $(get_client_pod) -- psql -v ON_ERROR_STOP=1 -t -q postgres://postgres:$(get_psql_user_pass custom-extensions-pguser-postgres)@$(get_psql_user_host custom-extensions-pguser-postgres) -c "\c postgres" -c "select name from pg_extensions order by name")
+
+      kubectl create configmap -n "${NAMESPACE}" 10-check-extensions --from-literal=data="${data}"
@@ -8,6 +8,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/percona/percona-postgresql-operator/internal/postgres"
+
 	"github.com/pkg/errors"
 	"go.opentelemetry.io/otel/trace"
 	batchv1 "k8s.io/api/batch/v1"
@@ -241,7 +243,9 @@ func (r *PGClusterReconciler) Reconcile(ctx context.Context, request reconcile.R
 		return reconcile.Result{}, errors.Wrap(err, "failed to handle monitor user password change")
 	}
 
-	r.reconcileCustomExtensions(cr)
+	if err := r.reconcileCustomExtensions(ctx, cr); err != nil {
+		return reconcile.Result{}, errors.Wrap(err, "reconcile custom extensions")
+	}
 
 	if err := r.reconcileScheduledBackups(ctx, cr); err != nil {
 		return reconcile.Result{}, errors.Wrap(err, "reconcile scheduled backups")
@@ -524,17 +528,62 @@ func (r *PGClusterReconciler) handleMonitorUserPassChange(ctx context.Context, c
 	return nil
 }
 
-func (r *PGClusterReconciler) reconcileCustomExtensions(cr *v2.PerconaPGCluster) {
+func (r *PGClusterReconciler) reconcileCustomExtensions(ctx context.Context, cr *v2.PerconaPGCluster) error {
+	log := logging.FromContext(ctx).WithValues("cluster", cr.Name, "namespace", cr.Namespace)
 	if cr.Spec.Extensions.Storage.Secret == nil {
-		return
+		return nil
 	}
 
 	extensionKeys := make([]string, 0)
 	for _, extension := range cr.Spec.Extensions.Custom {
 		key := extensions.GetExtensionKey(cr.Spec.PostgresVersion, extension.Name, extension.Version)
 		extensionKeys = append(extensionKeys, key)
 	}
+	log.Info("List of extension keys", "extensionKeys", extensionKeys)
+	if cr.CompareVersion("2.6.0") >= 0 {
+		// custom extensions to be removed
+		var removedExtension []string
+		// list of installed custom extensions
+		var installedExtensions []string
+		if cr.Spec.Metadata != nil && cr.Spec.Metadata.Annotations != nil {
+			if val, ok := cr.Spec.Metadata.Annotations[pNaming.AnnotationClusterCustomExtensions]; ok && val != "" {
+				installedExtensions = strings.Split(val, ",")
+			}
+			crExtensions := make(map[string]struct{})
+			for _, ext := range extensionKeys {
+				crExtensions[ext] = struct{}{}
+			}
+
+			// Check for missing entries in crExtensions
+			for _, ext := range installedExtensions {
+				log.Info("Test extensions installedExt")
+				// If an object exists in installedExtensions but not in crExtensions, the extension should be deleted.
+				if _, exists := crExtensions[ext]; !exists {
+					removedExtension = append(removedExtension, strings.Split(ext, "-")[0])
+				}
+			}
+			log.Info("Test extensions installedExt", "removedExtension", removedExtension)
+
+			if len(removedExtension) > 0 {
+				var exec postgres.Executor
+				if exec == nil {
+					return errors.New("executor is nil")
+				}
+				err := DisableCustomExtensionsInPostgreSQL(ctx, removedExtension, exec)
+				if err != nil {
+					return errors.Wrap(err, "custom extension deletion")
+				}
+			}
+		}
+		if cr.Spec.Metadata == nil {
+			cr.Spec.Metadata = new(v1beta1.Metadata)
+		}
 
+		if cr.Spec.Metadata.Annotations == nil {
+			cr.Spec.Metadata.Annotations = make(map[string]string)
+		}
+		cr.Spec.Metadata.Annotations[pNaming.AnnotationClusterCustomExtensions] = strings.Join(extensionKeys, ",")
+	}
 	for i := 0; i < len(cr.Spec.InstanceSets); i++ {
 		set := &cr.Spec.InstanceSets[i]
 		set.InitContainers = append(set.InitContainers, extensions.ExtensionRelocatorContainer(
@@ -549,6 +598,32 @@ func (r *PGClusterReconciler) reconcileCustomExtensions(cr *v2.PerconaPGCluster)
 		))
 		set.VolumeMounts = append(set.VolumeMounts, extensions.ExtensionVolumeMounts(cr.Spec.PostgresVersion)...)
 	}
+	return nil
+}
+
+func DisableCustomExtensionsInPostgreSQL(ctx context.Context, customExtensionsForDeletion []string, exec postgres.Executor) error {
+	log := logging.FromContext(ctx)
+
+	for _, extensionName := range customExtensionsForDeletion {
+
+		sqlCommand := fmt.Sprintf(
+			`SET client_min_messages = WARNING; DROP EXTENSION IF EXISTS %s;`,
+			extensionName,
+		)
+
+		stdout, stderr, err := exec.ExecInAllDatabases(ctx,
+			sqlCommand,
+			map[string]string{
+				"ON_ERROR_STOP": "on", // Abort when any one command fails.
+				"QUIET":         "on", // Do not print successful commands to stdout.
+			},
+		)
+		log.V(1).Info("disabled", "extensionName", extensionName, "stdout", stdout, "stderr", stderr)
+
+		return errors.Wrap(err, "custom extension deletion")
+
+	}
+	return nil
 }
 
 func isBackupRunning(ctx context.Context, cl client.Reader, cr *v2.PerconaPGCluster) (bool, error) {

diff --git a/percona/naming/annotations.go b/percona/naming/annotations.go
@@ -46,6 +46,9 @@ const (
 	// AnnotationClusterBootstrapRestore is the annotation that is added to PerconaPGRestore to
 	// indicate that it is a cluster bootstrap restore.
 	AnnotationClusterBootstrapRestore = AnnotationPrefix + "cluster-bootstrap-restore"
+
+	//AnnotationClusterCustomExtension is annotation that added to pg cluster to handle the list of custom extensions.
+	AnnotationClusterCustomExtensions = AnnotationPrefix + "custom_extensions"
 )
 
 func ToCrunchyAnnotation(annotation string) string {